PT-2026-28197 · Sourcecodester · Sourcecodester Ordering System
Weqi
·
Publicado
2026-03-26
·
Atualizado
2026-03-26
·
CVE-2026-4839
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SourceCodester Food Ordering System version 1.0
Description
A SQL injection issue exists in the SourceCodester Food Ordering System. The issue is located in the Parameter Handler component, specifically within the /purchase.php file. Manipulation of the
custom argument can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed.Recommendations
Apply a fix to the vulnerable parameter
custom in the /purchase.php file.Exploit
Correção
SQL injection
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Sourcecodester Ordering System